(54) System and method for web trading

(57) 

system tn i mssthaci for performing tir ; a nciai Panose- 
< . <. i < - . 

) i'v\„.' i i by a 

ffoonda; insti;L:b;;n to ;:;> ouoiomen; at She fosnfo-lodj: 
web site. They taduda transactions and; as; fo^jigr? air- 

i ; >c nop oney and mo ■>«?>■ marsst trades 

and >\f N 5 % v v 3 s ancf 

N S- - - l a N N i p < N < < 

bs-wesn ths in-eme: user intanace and a value.: private 
neswork {VPN.> at ' tfoaiiola; Inadutfon So ana-da *\ 
•captation o; trading appaoaSions oy sne hnsi-cia- isyjttu- 

Shis rlns-icss! transactions is pnaaded bp ins we;; P'adaio 



integrity ■ 
prtiSOCiJi, : 






v*s as: caho cia s the benefit i i 3 
\f ! — V o "SYSTEM 
00 FOR WES TRADING'', filed Aprs: 23. 



{QQ 2) .utcr-atec! 
anaa.dai uansaedoes. and 0 eaiacaarto a system and 
t % K^rt>v < -> , j : m. n 

securely over das inter net casm a - Pnswaer for the 
-<■ m n ^ 

> 1 .MTsON 

|nOUG| 

number o: asnaeg applications, sued .as. appRniUions tee 
tracing imeiga exchange products Typically, such dad- ee 

f\i m • 
a i stla i t r. 

>■ s\ < r 

currency 1 v products, is rfepioyed idrsuph a a;; 
vate network, such aa a virtual a rivals rieiwoG ■ V^N} : 
as distinguished from tas internet. 

want t; ^ 

"d ->t or 36 

v >*WC \ { , 

t ! , * in < able la ^ and actually interact 
with the application or service through a web browser
<• - -■' m 

assurance that the financial transactions which they
perform over the Internet are secure.

at - >>> a, 



[0006] 

perfoi y 

mm 



and: 



aspe 



; - a - - , -m s burners ne 
eeaariuacatsoa protocol from internet siuaoled protocols 
in - - protocols toaaedy a example, on impie- 

' - s , , , - - ; l 

■ion throngd a private ueiwork each aa a vnmal puvate 



Figures dd and 03 depict siiarnsiive procedures 
which a useraeetomse car: daileis aaeess la a 
ies so daanr spcdcs on meis 
institution, according to embodiments of the 
areas at invention; 

gt ^ v oi a secured sy: - i 

\ ^ C 
intuisactinns ;>ver the internal, *. , utrp to an 
emoooimsut of ids present InvetsSton; 
Figure 3 depicts an overview flow diagram for
securely connecting a customer's client machine to
the financial institution's system to provide the cus-
tomer with access to financial applications over a
public data network, according to an embodiment of
the present invention;

Figure 4 depicts the secure registration process * 
present invention; 

Figure a depicts a detailed view oi . -u t 
tei and browser GO at Fuyjre :?. acxedeig ta an 



■ ids 



- - \ Ida 

Internet using a web browser for the user interface.
fOSOS) it is a turtaer declare and aspect oi Ida 
ft \ . N . < - - v a 

p 1 '"' \ ' x x ^ v a- V ei cu as 

rsacy eacdar : pe : cnr;ency and laanay inarkat trades, 
and warrant trades, securely over the Internet.
fOOOS] To achieve the seated end older feamras. 



Ids 



re 8 at;plt ; ts the 



Figure 7 depicts the Public Key Infrastructure (PKI)
login process shown in Figure 3, according to an
embodiment of the present invention;
!■ ig» e 8 ep ots ' 
shown th Figure 8; 

^ ^ <r i tarn ai 

Instdutioida seiYarsida at Ggcrs 2. acatorpiiie la aa 
amoeaiment ^ preseni Invaatton; 

(i 'a 10 di-{ X 

> C , - 1--. \ 
smieatajo process



' ' ' . 

mg t\mnm\ transactions, 
exchanges, currency and 

as the internet makes is 
over ph< - v 



• s s,\ PE^don caps i 
exchange capability; via a h/ ; 
1 - " „' (.< i 

x 5 apgaap n* mind on 
customer is hyperiinked 1 
««source Locator iiML) fo 
wet? se-xer coraalfttog she u 
a; 83 ana prompted to enEer 



itfi > , ! aa;P wading system and method gravida 
sac;xe coramunicaiiou protocol Ixawean the fruaaioi 
v . i s wrtaai private 

max hi} o 

manJation a! anaa.aai apptirxEione ay ;he financial insti- 
Union's appsicaaon servea; across ;he " The 
onsiomers referred ;n herein mage tram ipdhadxas to 
tanas amass sucr as corporations, axa managers ana 
peaks, 'i'he Eipsncnh applications roterreci to 
ni. Pi not limited -a- spphoaEixx' tor axnaaoic 

v r V Er 

Patent No. S/?W.h0x which is hereby Incorporated by 

fefcmX'* '< ">e'0 

t! ; < s r 

5 > "tr s 3cs 
iiaaa ar - ts. sixh aa as ; 

t\ Lb ' « * - , - V 

ence; o > ^ s N to 

■■' iY,i t - - 

sabers. 



xea financial 5 



the sac; 
URL wr 
aiaspp: 



x 0 poi Secure p 



[0015] When the customer comes to the financial
institution's web site or URL to access a financial appli-
cation for the first time, i.e., the customer is a first-time
user, the institution's server system initially authenti-
cates the customer through a secure registration process

i •> i i t 1 i- 

m »fiticfi she rsg sfat i v. < 

25 k v - * 

teareas PC, aaab as digital signature ana session 
enc-fyptiop capsbiit&s, certain Java class and dynamic 
1( « pr^v =i m ) 

digital signature, that ramax resided oe tea customer's 

30 'V «K v Pi ' - * v K i) W 

seqi t visits tc r- v t - 

software on tee easterner's PC antansalscaliy under- 
Ku >v f n h >> i a - 

sacs as encryption ot ax session toeEweer; the cas- 

as tomer and the finsncte! institution's appllaaeoh servers, 
ar , m v - ' t - 

are i so the caa 

Eoraabs PC also provides the aser ahenaee. 



ierPaal Pirst; taEa swaaai arrd ; 



itUepHK can 

[0014] According to an embodiment of the present
invention, as shown in Figure 1A, the financial institution
{, - ■& a vjta -lir , a„ n-p ^ . - 
"sh"v ' >< < At Si : a caatopier at a iernrinai, 

speh an a client computer or PC, uses HyparTa:<t 1'rans- 
n 't j- < x » n ^ % 

gatea, far axanioia through a hierarchy a? pages that 



pass* , 5 , ha c - t an 

t pted by the a ah s sack, to a web 

se-v <i - v 

tioa server envirarapsrg, where tt ip aaaci ;a {naiipaElpaEa 
;-:a l>\ ! 
[i or?| 

can access N - ^; ; ^ ; aec s.Ee a\ start 

^e-a-m 4 ».\: a 1$ tc an 

<r x -a v • s <• - 
see tojaer Is autpentieated and the eEreryp;ed seaalaa is 

with a series at scras«s and a ;ra;nu that give the ens- 
tcaner ahoisaa tar doir;p vmtkm Itangs ana ; - per- 
frorrrtirig a financial trsrtssctiors s . rm as trading foreign
espc )s« fro ptm c r - 

< i ■ pars 

transaction, and the size and nature of toe customer, 
o w displays an ' % - customer on the customer's 

> 1 v. < t i ' 

-.■>;-•-■■ 

the customer sec; 
on 1 , customer's PC 

[8018| Retorting now to Figitt* 3 w^icr> represe«s 

t ) V ' < C 

thereat for secantcy pa-forming financial tnmsactlone 
« et the h i i- i aoootding tc; an > \ \ i s 1 at the 

p HOW k 

\J 'XV ' " 

met k 

mw >\ n n -X ^ c ^ ^ >vt 
fnoetea Computing Envimmnem ilfCC; security; nm- 
wai: nr ■ > 0 

flrewaiisp non-rspuciiarion capability; encryption oicom 
^ jiiv> ( new 
- « ' , x =iV" ft? > 

name ami password for both settware download and 
ss! o ? and 

software distribution throagh HTTPS cenmaction wO at 
ieast 'mm m -, - ; ' ,., * o security amnaec- 
^ - * . k \K 

detection capacities to cfetswsifis what components 
ana no; installed and whs? components are mm, vm and 
to perform rnlnnns; increments: seiop 

and the hnenelm institution's system, the fa-ascia: instl- 
u 

cations for wad ^ n < . to t on thai;- ^ 

my r r s tents, whfcf 

snducfc cilonr components ior secures comewmicatlom 

financial application has one application specific com-
ponent. Thus, if a customer wants to use a tlnsw

Osttohoe ail -ha security ami communications common 

v t- v i - m ^ , 

must be installed on the customer's local computer. If
the i. ^ t suosepuamiy wants to use anotnar avalia- 
rk < i> -> w 

cific component needs to be installed on the customer's
local computer.



bm&i applications, irsc uding an application specclo 

5 " ->> " , \ > - 4 

arid encryption software 'tis with at least ' 28-bit 
encryption capability ^.cn as a SSL. sesame or s PKI 
scheme Ue ifwemt ' PKI On toe server sloe, the finan- 
cial institution's system includes a financial transactions 
?fl oaai 'Xi^a K" ^ v 

;£n. a catakaener having a port ;§o. an osaae;:; 140, 

aotnenixctra oilartts for :;orta-a ; ra ;iooc;ioaa Tt;c web 
server ibO contains a signed tipple; wlnot; t< used to 
tcaiatspe tb« dowtn'oaO of appia:atio:n rtcntpoiiettfa sptt ■• 
rtili-n rca-tlcolar tinanaa; appto:r;:iot;s This; wad server 
150 also contains web client components in secure
directories, which cannot be directly accessed by web
clients/customers of the financial institution. These web
client components are the aforementioned client com-
ponents for secured communication that together coo-

;>;.; a ' t « ^Iv ' ' " 

viae client modulo is disrwaseo in more detaii later. 
P021| mm t®§ate DCS m- 120, it further 

such as the ?v8tWs3vs-r- v product ; v iaaa by Nafhiumioa 
w; 's N , ' m ^ V ?P an 

m\,;o --k ■ ^hiv ;>x A\ t ips ; ,m o - ? v oe 

?rtg ; x=> va > t . 5 \' w 

financier cictiictian, and st retationa! aataoaso rnanage- 
m re it st ? % 
w - 

faeas (APisi for programmers to develop coda to access 
tna data ana stored orooedtires in the eatadase. and 

deoiiaa; iWoW;: ■(ORB; , ^ - > - " ' 
I provides 5 

^ a - f server object. 
<ra 10822} in operation, the cl«nt osmputer tmm*} 

S s- <■ ■> 

so Pet rear; the interna: ; he VPN tS - - % 
uai, 

son between the VPN r and the firtanclat institution^ 
s>'?rorn ts s s, so: : ' tariffs such 
as a Cisco Roatemc - financial m c ; systeni =e 
or; further semeed from the ypni 1 60 by a smattwaii hre- 

^ 1 the PKJ s SSI V onus a e 

n tp( to prtiviot to m u.ni 
cation ' u v oCject ;w aa sea or module ate as
as d\m\ communication tunftsted through ibs gste- 

toasted at gatekeeper par; 130 may he replicated to 
aocoramodata a largo camber or users or cusiomers. 

toe " jo ms or , v \ - -\ 1 - s t hi c A* 
ke«p«r will be started or; a static: port For each 




traffic v fC< a . « t \ •> a; • ntachiee whete the gats- 
keer i i x< 

(0024| Referring naw ha Figaro 3, which snows se 

view fi-OW d 1 5 SCti \ .5 v fS 

tomsrte Ci ; whirA Vs sat 

' tl 1 }if > c 

« v < fjN 11 a public data network, according * an 
eotoSSmenl of the present invention h:r merreornsd 

< c i - A % tit: t 

accesses for the titst rime tha financial institution's woo 
site a:r Hi htrwteg tko desired kearrctel applications, 
'■ customer is ifskaiiy authenticate;; through a eec.ure 
rogi.sJr3haa process at SsC Referring aow to Figure 
a i v - mv 

iteration process, accorekna to ori embodiment of rhc 
i vtemtt by the 
1 \: s. o institution through a Csblhoate AuAeaty " 
and t) ^ (ti -ay 

exchange a- ■ t at Ska? sa •> * commrxticatton a 
tea ragisftafton is sooara Cava possible way to Ceiiwsane 
the key exchange certificate ;a ike customer a; via a 
postal service. At S3;\ me registration process further 
h\, • Ma iv customer a: aseauie oa ' 
with the CA - lAoa! ssacaa 

public, private and mctea; signature keys for end-user
authentication purposes and for providing secure finan-
cial transactions over the Internet. The CA may be a
t » parky CA or toe financial rastiauiaoa Toss working 

bona, Including issuing digital oertkioates, mwAwg Co 
digital cerbheetos and maintaining the Csrtleeaie Reve- 




hen can revoke the issued key exchange certificate and
K-t. ra - the relationship with such ,ic at SS8 
and S37. Howevea • trra a Ceto^ s suecossAtl at 
SS5 ;h« tlnaac . shtut >a i s s a rs iticnshlp 
^ ta» aasaaaa r provides asr, urns a pa 
5 esstoaae >e CA issoiag the essar> 

- v=ttt S-C- 

digitai iu keys to both the eostoraiar sad tna 
kisartiPa; irst for rr;stoai ■nfiiaaaticarior; or S3S. 



Additionally,. 

[8026] ^ >=> f „ b , * v <? 

csssfui registratioa process, rhs fraanCai inshtation 
d:;aaaloads seaorAy sokaesre and web triiara ctrmpo^ 
rarate to rhe cheat PC of the oostorasr a; S3-a Adaikior.- 

ap.piksrriof- irpsraitia appis;;s ;o ifro rkitaa a; ■aaskaroork; 
coraprAta' a; Sao, Figaro 5 province a raofo detailed 



v o <• ^ , - > 

sessioo encrypkea ana higkar sigaa-are. arrO Iter Jsaa 

ra.:o. type o? taps icr f he CRCiC i ■ ' riaporats oa Are 

r^h Fapitrrair-^ oiaratp, thtr ORChVl 1 1 1 i bit prickageb 
as era? c;r mora CAB rites: for Natsceee oiieasg >ma or 
raore JAR it tea 

[0027] The client PC further includes the encryption
software 116. According to one embodiment of the
present invention, the encryption software used is a PKI
soft*a=« sjc - \ c 

certificate prewoasry insraiied ia rhe oiieot PC of the 
customer upas ^ - N o 

shsvsm io Fi§ B. the t \ ucf s ntr«s !&v 

Rtintrmo 11 V v,- assacatre;; dig.itai sarnatare key 5 18 
Sifxi session eocrypbon key 1 5 9, as s raquiramsnt lot 
the ORCM 111 to run. According to another embodi-
ment of the present invention, the encryption software
116 uses the SSL scheme developed by Netscape.
[0S2S] Refetrtfip now to Agrees C 3. ana 1 As 
^entorwes < - 

fiaaacati application trons the tinanciai institution^ sys- 

to a HyperText Markup Language (HTML) page on the
Cternal web server 150 that contains a signed applet,
which is an application specific applet. The applet com-
prises a single sign-on component of the OrRSM TAJ as
well as download manager client software, upon this in?




if ton-" v v v x 

' 2 "ho ao > ^ -\ vti fhet 

aers - - encryption 

because there is no authentication. Nevertheless, data
e ente are digit 

ally signed. The single sign-on component and the

O - 5 <\P < ! v ■> v 

the client web browser 110 of the customer's PC. If a
new release of the file is needed, the web browser 110
updates the cache, as described in further detail later.
at;



so 
he firsanoai insifetion's system is now

1 l X0 3i - ' SS 5.' SS 

machine snarls up. Tiie HTML, page of the 
application specs'?!;; Java applet 1 1 3' lists 



SPUi! 



■HI. 



■isnis 
jectfic 



- ■ ifc ic-eat'soo 
t<^ tp > * *. " ■ 

specified by a Java Property wnetesn the cache is od 
sgnateol as a directory relative to tne client's Java : 



; cd r 



are - it j or outdated, j? any * are needed from the 
ssivar of the financial sashtotlon. they will ea down- 
w sis j upon - > saocesstal ioasit by she cnstonien Ones 
<t i h< < i s a < 

. * M ' ,> „ 5 , J > < , 

t - tV ! 5 h* t , \ vi 

application files OOoctiy taaa the Hiem coeds The sis- 
gsa sips an models used it; both the dowaioad process 
and toe application e>;eco0on er;soaas Prat ;ha s.sser nan- 
ce; ioad the >ca TivtL teace avoid f 
sy't >\' ' n 

!<v>ni< - - < i;a te 

date t ; 



rare -eq t ;n eo 
, as mat 



oatee;- 
Additk 



Co 



ops 



is by pasting oat 1 
run time t ; 6, At 



oanai 



¥ 1 iS 



s,*0 At 
i f ip A? 

tan- S. • > < C He or»sunt 

j ' ^ Vd 
wish at toast 128-bit aiwrypdon aa aotablishaC by Oas- 
soaps"' is ooa-spniaacaia with the ORSM tpa ^e'ocyh 

\Uav& m 

an ^ ^ a 

i s^ k and password a; SI52. The OftCiVi 01 
prompts a uses- to enter m DCS user name and pass- 
word when ellnar the ORCtvl Hi :s Initiated oy a cos- 

^ % sit ; ■■■■■> 

case hese, ot when those- :s a -eqeesi to dewcioaa oca 
o'O toe Oianoiai snshtuiiorvs sys- 



ptisos- , ■> as; eac-yaied a password, a;; shown si 
S6'5. if ao h'sa caste-oar will be prenyiied far this pass - 

ihs-j ! j > r 

reqnsre wr • \ ' , be dloiaCy ^ at pas 
isioaiiss-o as SaOa as fprtnat oxp;;dne'3 aobo?. Wish tise 
■!'■<■ saarvpison sahos-oo, -ha application spaciflc -Java 

tX - s X - v V « ^ st 

MM" 1 '- " ^ ! -vua-sytdo 

nterr^l - ^ > - ad a PH 

. <r s r 1 1 a Svlv e f 

tunnaiedtrroogd HHPS. The HT IPS junneSmg >s used 
whefi She a'o - s xt -he oijar- 

and the St ■> fans! ot a id 

S. - Olt> S X ! ( f ;i s> 

i ML file tt m\ 

k-r ow ivi 

too atos'eosanticnao iiQP oarosanaioatipn ooo.vgea -ha 
Java applet 1 and toe ORSM 123, 
f0032] \ 



SdOP. ' 



>. Coca data n to fo>i" taa„> 



C3. sat 



osss at sm of 
ssaociatod with 



Csi'peaio 



"s eoibttdi- 
;;;:;wafd Is; 
aanswaor 
RCM 111 
- mt fast 

saooosatni iopits. asvasii ss tna naroasr 0 r pnauocassfai 

reqastei-nasos tor the password tna)' also bo imp%- 
mma. Car saotenaa. a passwotoi oray not da ohangod 
oxse sjoss- 
aeeoonts \ ba dsaabied atfat a specifisd nuatbar of 
■ iooin astataats. and there Is a lino- 



tiOPaajstjsjy t 



pa;;tsv;>a; t.tpot; tho •; ..o:a:;:rhii lo«la at ah-f. nht; ORCM 



a'sahaia, soon as Entti 
alga ;he reijut;;;! Sa : S3. 
across over the wire b 
socarad with a PK! Ss 

' C F ^V 

:oa t ; . ps.ibfasp-sarit safvsr intosroptof is itnpiemeafsd to 
trap k - C aatore tt fat - - - at 

S635. The rsquast :s lapped in the BCL bsoaibpmastts 
' sysSam Ida en Ida phya;o;diy seonrad host, along 
- istan 3 t S63 a res; »§! is thea 
m PKl file module 
and snowed to condone proeassiag as normah The 
responae to ths non-s-apuo'iafion \ < \ at S6>' or 
|O033j OiilXU direct IK t

the customer connects through the rovers "SO and 

to' Cm<X 

corresponds to -he application specie Java applet i -2. 
[0034] j .\ v ■> , 

meats teeeieci with iXs numbers. As shown in Figures 2, 

0 3C -Ipf S<5 S 

■i \ ect 'XiX 2 s 
■.Java ihisreeploi component r 2:7 which is ins server 
interceptor meniionsd earlier, and & Java-tc-DGE 

urOSS COmpO . i\ ! - c 

i V ' > ■■! S > < 

cation ;o: making DOE calls from the .Java programming 
ia ag< thus, a C - 

mends ihe speexxaSXn ami makes i! easier tor Java pes - 
grammars ;o access GC£ API Auctions. 
|003S| v t f - ^ - ^ 

computer of the customer- tor the first erne, as aats-- 
mxed &• S70 ; s oi Figure 3, mutuai two-factor seihsxti- 
cation takes place befwxsn « OR CM < i pf the piient 
tttamw 1 iOssx i tb&t eked that 

; Vlt . > ,t x x f 

110 and the gatekeeper at pod 130. Thus, thas-s§«nt 

"> HY. xfi 

browser ^ ttxomx tns uaxxeepar per; mo, ana 
to ih& object router serve- components. Consequent.;-/, 
there are severs; , < caiis that are executed at this 
juncture eefxeen the ciisnt browser ; 1 u and the OPcX 

s v ^ v - f 

pi-ace "under the covers''; x ether words, no aeplloaxm- 
i< v 

[0038] si s PKi encryption scheme scot, ss the 
at c 90 




aumentkxte aach other's eighth oerhhoetas to snsurs 
that i ay come frc o a \ d C 5. a m s t rh or tix C R 
of ho -A >p« > v nhcatiort at SS2 

the ORhhV 1 • i veohes ' x \ a s dighrh ear; mete et 
th* i <a ip si X" x retrieved from the ORSM 129 « 
from a 

P ■n i v « "same (ON) xi in ins car-meets « 

a ttup, ^i-. ^ '"- °^ % ^ V ^ ' 

also checks the CRL to ensure that this digital certificate
has not been revoked. These two tasks are accom-



l< P e a 




A t N 

x^ x ' ertiftcatg 



with the PKi servers wXtX. the X-ianelai institution. Pur- 
t sis recuire a p ess t 
is repuoiatioh it is at this jwxfum owing * ie-qees.s 
SI. at the OPlSM h?3 makes appropriate caiis agairiAthe 
PKi Flit; modcis to- validate the orient's ciigr-a; signalufe 
and. via the DCP Rarmtte Procsdute C&ii {RPC\ skora 

' " N x \x ^ , , 5 x 

;x,. ; database. 

[0037] r t r 

S80 at Pipura 3 : hirjum ■ t provipes a petaised tlmv Pia - 
gseio of x SSI. aniimihicatiori psmsss ceiwean 
ORCh't ■ i i and OR&Pk -2S. Referring to Figure i 1 , only 

:-hi tits ORCtp i : wii: eakdaie tha sprvar digital cartiheate 
pi x financial institution ssxg a iocsi public Key 
depioyed wish the acni oa; v S ox : eX:a!!y at S82. the 
OHv-V * J r 
RSM 9 -x'x> ^ 

ttt; CAs. is pfovfdeoi o 'x cie;:-.t , nntpcter as part ot The 
Si kt i 4 x n 

cial IfistittJtion The ORCKS 11 1 aiso vetisles the DN con- 
Ktnod N t* m x< c t 

No ct;-> . 

[§{53Sj n? t« "h x 

hxtv.xan the OPSx IPS arm ;ne DCP application serv- 
ers xhh as indicated by Stph and " 10 in Fipum 3. if 
She i :; Ki encryption scheme is employed for this auhxm 

S»!<Sove \ 

t;ciheniic;aa against tr«? DC-Pi sewers 124. tr«* server's 

other (dentliyif-g a-trihstes of tire oustoi-me. axtrsictad 
from the client request dunnp the atoramenhooad 
authentication pmcass. The AXIT x then reaps me 
tx hto AfPA ,5xf N e^ " ) - _< e-xv-to 
Java intercepts !27 of the ORSiM J 28 to complete 

55 t ^ Xi N f s ' 

memory {RAM; tor use during iater rennesis. hiesl the 
DCP appiication seerem 124 authenticate the web e)h 
eveAustomar, using the OCh tiser credentials passed 
[003s i- D - *

ths ORSM 129 also uses DCE authentication to verity 
she aopiicssirx- sewers 124 wish which is is cornmu.wa!- 

' N peOOrUi ;;><<; vesDxalara - OESO OE3 also ,0! 5 

ikes the DieoDs DCE user ca-xienObs to auShenl5csie 
against she DCE sewers IS*. The OCE ass- coedeivDbs 

i ■» K on 

cation, sewers Os'i ayth.eofics.se the web eilerp/cusioww 
using ;n* C 

X, K ^W 

security ieOs-nu..Oon wE he cacaed ixsred or, session ;D 

[00401 Upon e:-jf«bi:?i';i:vg me DOE user ixeOenbsia 
wtt . tit) it o v. ■• she 

OFlSiV; 129 Soxisi&ifis the HOP ;'oquest si ooaaeoaoe 
132 into s secure DCE recces; oiiDDg such . . 
<'it? i > 3 ee 

j f i fxawaen She i ami DCE anXocoie. SpecrixaOy. 
tf':8 f \ i u ^' is 

n x -m n o~ '< 

exissa She rOer-PcaOynxer will not oe poxaeu access to 
the DCE application servers * ^ -he stored > ar; 
eiai applications. Access to Ihe DCS application 

3 V 5- - v.N t , 

(not shown} oi She AM":' DO us'^og Access Control List 
X taaaagraxeot. Access e:xa;yH so application serw 

- ^ \ SefV t« 

arc'; > H> v t, 

m ; IPCs vi - * serve Each sppiioaSio! 

),U 5 tSiiDiC 

CSBRiD, exacted oy - apnis..a;Di; ROC server freer 

elements. Eotitiesxent seeing is reshxaed to !<x 

izeoi application aarOnisLshors 

[0041] rtm OEStv; 12s mm pm&gsms the 

secured request along to She OCE spoiicahon servers 

1 ' f < , l ' ' V - 4i) 

type Shea that nseP a; iae snoryphor! ier HOE ey>ayyaaty ; - 
cation over ihe - between Pre ciisnS browser 1 1 a 

s \ - - 1 the 4o 

Hi-ranes envtronunxH 

[0042] Upon subsequent requests by ice eUre; 
eorxpixer ft x;e apt. rHk n She DCS applt 
as-ion servers OPE, 01 nadirae eoreposxaxs would hays 

^ -> - xssar- as 

asp ere executing. Acidiaeneiiy, when a won sags or 

5 file ass e wit s desired 

appilcasax; is requested, ihe browser win check the 
at. it tht ior t - ; r P « 

browser w® ett t ones per session or every Sims) val- an 

Es do s up cpocp r 

HV a r i ■> . ^ ; 1 ^ 

dooauiarp irons six- wet; server < 50 ; and ii tra docooxax 



" « th?t\, t if 1 *■ 

'V tt ( 

digiraiiy sap- -as reqaes; wish EohaJst/'Fas before seaca 




sod ihei pki s« s N Hon, S euesi a 

coming from s previous!;/ aushenticrsied ussp the ORSM 
129 sii^piy vaiidases She authsntfcatios'3 context, 
beravari aad va:iPa;es ihe :aiepaty of The raessaoe aii- 
iiainp EntrusPSesarxi Application Propiem atts'fooes 
iAEis ■ are passer; the repass; along asas; cached DCE 
ssSeraaas. if - c " S n 

asirp; EaSajsdOe one s-ara tire aporopraae arrorn-ieaon 
■ fire ORSM I Ea paaarrrrs x woe faeppirrq irera 
HOE ro DCE aiernt 

rsqussS along so ihe DCS application servers 124. Tbs 
castoere;' aaw aas asesss so e secure enOroray;sns over 

t > i 

froraOeh'V n. ^sf/^ teu* 
£0G4?| Asx - ^--Jes. heri 

\% 1 e-e e ■> ."H u ^« 

snorodirxents can v same s Is Varsatiws 

t 1 > v It v ! ^ * &S PPtJ! 

«t)i o ,*k < 3 1 r 1 , )^ v r> 

■lUWd JO- X) » < C< K\SiVA 

ienfe. 
Claims 

1. A method for securely providing a financial applica-
tion over a public data network (PDN), comprising:




transmitting security software over the PDN to
r'» la" ' v ' Oo "^oost 

securely processing the request over the PDN
with the security software;
wherein transmitting the security software is
contingent upon a success of a secure regis-
tration process.

2» Ths snetood of c r 0 r< ? ^ r tf-e PDN s - • 
fnterr-et. 

3, The method of rbaim ' . t >t ^ \ tof 
e request over trie PDfd with the seen dry soft-



1 s . , - 1 , ! 

feed before. 



rep neon rig a user name end passvvcnd vfoii 
regard io the -squeet for the ffoanciai applies 



3« :.ertif ate 



a diode; certificate 



' 1 ,(.} e ^ resn'-e n password > 

liV ' ^ ^ v c 

tfon;: 

receiving the user name and password;
verifying the user name and password are cor-
rect before continuing with processing the
request.

8, be ■> let ted m v o < * 

leg the rsqoesi over the s with the eecenty sod - 



HtwxM sppiio 
i0 rmthod of ciaif 



warn s - < - the requested 
\\e>. ; D> 



tcoreiy process- 



cats is contingent 
betsrs. 



; the receded digital cerJlte 
e the teqeeel for the fmsto 
e havse; been receiver 



11 ► <■ . V 

receiving a digital certificate associated with
the request for the financial application; and
verify jgt ©digital ;ertiffc sis teens r« fosfiti = 
fjigPs tert ica i cert 

cats authority; 

* let* 

gent on tne teqesst for the financed appreanor; 
fiot nevine been received aefcre. 

12. ' 1 - pfo 

cadoo includes a; least one application for foreign 



•t. wttsreie me financial apps- 
;.t one application for providing 



tecefoag tPe una; earns aifo oasswoid: 't - 

y it <; d : - 1 - 1 > < ' < ' > \ 

oodiPing tin; supporting software for the -a? ^, / , ^ " > 1 w ! 
reqiefoedfoiarionP application en needed; 
vmereir; ppdabng the sappcrting eofo\<ars is 

pantfrtcient i nnceessfniiv verifying the peer ciai application ever a public date resworn fPOnP, 



n P wherein securely process - 
> niithi > the securfo sod- 



proviatng at k 
space for seeun 



Kk ten whether the request for the 
ciai application esquires none'epedistion. 



Ids method of claim 4, who 



providing a location on the pobrc Pete network 
s >ns financta 



request tor trie at seas? one 
en. providing sacuhty applloa- 
acne having pigitai sigaatsre a.ne session
encryption capabilales and keys tea saihantias-- 



i ; - 1 aiofing a! tea a 

k -\ , ' s - \ < <s ; 

accessing the at least one financial application
over the PDN,

applications! comprises: 

a a ^ 

-> - it j a alpaca caeta'crats watt associated 
enotyptson k«ys basset on verification of ih« kay 
exchange oe.dihcafe. 

18. The method of claim 17, further comprising:

estaiatshiaa a see? nana? and paaaa-oiP lemae 
request aor tee at least era: tlnane'ial apparition 



as, 

;acaage space a;; a prsrspaiske ior seasoning 
a tha at leas' ana llnaneiai appiiaahoa 

28, The method of claim 15, wherein the at least one
financial application includes at least one applica-
tion for foreign exchange trading.

ip 

fsnancia 5? cat t s at is as- ens aps ; t 

Pan to; providing settlement instructions, sntifor per- 
forating allocations and spas. 

? ^ ? • t a a 

P Inciades at laaal ana application 1 ^ 'enxdeiy 
and aieedasleally purchase ta'Kis^t warrantc 



Is), "ne - -a .\> . • v > - , , ■ ; the 

security applications eesciranneP none a 
nation tsat the request tor tne at sss.t one rlaancia: 

'C K ' 1 ' 

aslng; the ae;:;;a;y eppiiosuions to estalfosh an 

-> - •■ 1 " . s . 

21. The method at cieam tad rqriher comprising: 

N v. < ^>\^•3 s?s:x 

ated with too rapaext 

2a 1 s ' ' 

establishing a oassvesrol for the digeal cettrh- 

23, Tha raetPna of ' 2a. tnrthsr eoreorlalaa: 

tasteatarana afoeiherthe request tor the at leas- 



. >t >'•> \ a? > 28. aa;eree< ' > o nos- 
repudiatlon comprises: 

receiving tne raqaoel for the at least one 'Inan- 
. , - ^ v . ;! > ^ * a 

t aigitai signature ooatainad in the 
i i - >*v 
Figure 2
Figure 5
FIGURE 10



EP 1 043 OSS A2 




FIGURE 11 



